	package com.evon.yardmanagement.ui.action;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;

import com.opensymphony.xwork2.ActionSupport;

public class LoginUser extends ActionSupport {

	/**
	 * 
	 */

	private static final long serialVersionUID = 1L;
//	static {
//		Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//		SecurityManager securityManager = factory.getInstance();
//		SecurityUtils.setSecurityManager(securityManager);
//	}
	private String userName;
	private String password;
	private Subject shiroUser;

	public Subject getShiroUser() {
		return shiroUser;
	}
	public void setShiroUser(Subject shiroUser) {
		this.shiroUser = shiroUser;
	}
	public String getUserName() {
		return userName;
	}
	public void setUserName(String userName) {
		this.userName = userName;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	
	@Override
	public String execute(){
		return SUCCESS;	
	}
	public String loginUser() throws Exception {
		
		
		String url = "/login.jsp";

		// see /login.jsp for these form fields

		// create a UsernamePasswordToken using the
		// username and password provided by the user
		System.out.println("user name -" + userName);
		UsernamePasswordToken token = new UsernamePasswordToken(userName,
				password);

		try {

			// get the user (aka subject) associated with
			// this request.

			Subject subject = SecurityUtils.getSubject();
			System.err.println("Subject -----" + subject);
			// The use of IniShiroFilter specified in web.xml
			// caused JSecurity to create the DefaultWebSecurityManager object
			// see:
			// http://jsecurity.org/api/org/jsecurity/web/DefaultWebSecurityManager.html
			// This security manager is the default for web-based applications
			// The SecurityUtils was provided that security manager
			// automatically
			// The configuration specified in web.xml caused
			// a JdbcRealm object to be provided to the SecurityManager
			// so when the login method is called that JdbcRealm
			// object will be used
			// This application uses all the other defaults
			// For example the default authentication query string is
			// "select password from users where username = ?"
			// since the database this application uses (securityDB)
			// has a users table and that table has a column named username
			// and a column named password, the default authentication query
			// string will work
			// The call to login will cause the following to occur
			// Shiro will query the database for a password associated with the
			// provided username (which is stored in token). If a password is
			// found
			// and matches the password
			// provided by the user (also stored in the token), a new Subject
			// will be created that is
			// authenticated. This subject will be bound to the session for the
			// user who made this request
			// see:
			// http://shiro.apache.org/static/current/apidocs/org/apache/shiro/authc/Authenticator.html
			// for a list of potential Exceptions that might be generated if
			// authentication fails (e.g. incorrect password, no username found)

			subject.login(token);
			//shiroUser.login(token);
			//SecurityUtils.getSecurityManager().authenticate(token);
			
			
			// clear the information stored in the token

			token.clear();

			url = "/secure/index.jsp";

		} catch (UnknownAccountException ex) {
			// username provided was not found
			ex.printStackTrace();
			return ERROR;

		} catch (IncorrectCredentialsException ex) {
			// password provided did not match password found in database
			// for the username provided
			ex.printStackTrace();
			return ERROR;
		}

		catch (Exception ex) {

			ex.printStackTrace();
			return ERROR;


		}

		// forward the request and response to the view
//		RequestDispatcher dispatcher = getServletContext()
//				.getRequestDispatcher(url);
//
//		dispatcher.forward(request, response);
//		return super.execute();
		System.err.println("IS USER AUTH _" + SecurityUtils.getSubject().isAuthenticated());
		return "redirect";
	}
	
	public String logout(){
		SecurityUtils.getSubject().logout();
		return "redirect";
	}
	
	/**
	 * Dummy action method for redirecting the logn action, this is required for switching the namespace.
	 * @return
	 */
	public String loginRedirect(){
		return SUCCESS;
	}

	/**
	 * Dummy action method for redirecting the logout action, this is required for switching the namespace.
	 * @return
	 */
	public String logoutRedirect(){
		return SUCCESS;
	}

}
